Re: dovecot Outlook failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Karl Pearson wrote:
On Thu, 23 Oct 2008, Rick Stevens wrote:

Karl Pearson wrote:
I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore :) ).

If I sit at an XP PC and telnet 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?

Uh, really dumb question, but did you "chkconfig dovecot on" to make
sure it starts on boot?  Did you start it via "service dovecot start"?
Does "netstat -lpn" show dovecot listening on ports 110 and 143?

No, that's not the least bit dumb. I didn't and it wasn't, but that wasn't the problem because I did that pretty early on, and fixed it. The server had been rebooted a few times since.

I did find the problem, though hadn't come across it before. It was iptables not 'trusting' those services to be accessed from a remote IP address. Thus, it worked on the server, but not from anywhere else. I did iptables -F and turned it off. The server is behind a very nice Linux-based firewall, and those services aren't NATted anyway. Only 25, 80 and 22 are open, and 22 to root is forbidden. The old server had been on a DMZ, with Samba and everything else open for the world to see.

Ah!  Yeah, that'd block them for sure.  iptables was going to be my next
question, but you beat me to it!  Heheheheheh!

When I install other servers, I typically disable iptables from starting at boot because I have my own scripts to do it for me.

With the information you gave in the last thread I started, I may be re-thinking that strategy. It bit me big this time.

I'll help if I can.  I just finished my PCI-hardening stuff so I've got
a pretty good grip on security stuff now...iptables, external firewalls,
ssh restrictions, session timeouts, authentication and sudo off LDAP,
the lot.
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- I never drink water because of the disgusting things that fish do  -
-                                  in it.                            -
-                                                      -- WC. Fields -

Redhat-install-list mailing list
To Unsubscribe Go To ABOVE URL or send a message to:
Subject: unsubscribe

[Red Hat Kickstart]     [Fedora Users]     [Red Hat General]     [Red Hat Development]     [Samba]     [Kernel]     [Kernel Newbies]     [Hot Springs]     [Yosemite News]

Powered by Linux